package com.example.springbootjspshiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Demo controller for order operations, mapped under {@code order}.
 *
 * <p>Combines Shiro's two authorization styles on one handler: declarative
 * annotations on the method and a programmatic {@link Subject} role check
 * inside it.
 */
@Controller
@RequestMapping("order")
public class OrderController {

    /**
     * Handles {@code order/save}: prints a trace line, checks the current
     * subject for the {@code admin} role, prints the outcome, and redirects.
     *
     * @return the view name {@code redirect:/login.jsp}, on both the allowed
     *         and the denied branch
     */
    // Role-based requirement: roles the subject must hold to call this method.
    // NOTE(review): with several values @RequiresRoles defaults to Logical.AND,
    // so "admin" AND "user" are both required. If "either role" was intended,
    // logical = Logical.OR has to be set explicitly.
    @RequiresRoles(value = {"admin", "user"})
    // Permission-string requirement: the (already logged-in) subject must hold
    // this permission in addition to the roles above.
    @RequiresPermissions("user:update:01")
    // NOTE(review): no HTTP method is pinned, so this mapping also answers GET.
    // A state-changing "save" is normally restricted to POST and CSRF-protected.
    @RequestMapping("save")
    public String save() {
        System.out.println("进入方法");

        // Programmatic check on the subject bound to the current request.
        // NOTE(review): when Shiro's annotation interceptors are active, the
        // annotations above already guarantee "admin", so the denial branch is
        // never taken. Whether they are active depends on configuration that
        // is not visible in this file. Confirm before relying on either layer.
        final boolean isAdmin = SecurityUtils.getSubject().hasRole("admin");

        // NOTE(review): the denial is only printed to stdout. The caller gets
        // the same redirect either way, and nothing reaches an audit log.
        System.out.println(isAdmin ? "报存订单" : "权限不够");

        return "redirect:/login.jsp";
    }
}
